Select local site

| Japanese | Simplified Chinese | Traditional Chinese (Hong Kong) | Traditional Chinese (Taiwan)

F-Secure Hoax Information Pages: Topanga
[Summary] | [Detailed Description]

Name : Topanga
Type:Hoax
Category:Hoax
Platform:Win32
Radar

Summary
There is no virus by this name. However, there is a widespread hoax message of an imaginary virus spreading over power cables by this name. Such virus does not exist.
Back to the Top

Detailed Description
Do not forward the hoax warning.

Here is a copy of the original warning:

Everyone ... I received the following from a colleague of my
at CERT detailing a new network virus called the TOPANGA virus
... I tested the Sprint IP Web Hosting Architecture this
morning and found that indeed the Web Hosting Network is
infected with the virus ... It seems that the virus entered
the network when we updated the RND Networks with the new Web
Server Director Software v.5.01 ... our problem is two-fold
... since all Web Hosting HTTP traffic goes through the WSDs,
all clients are potentially infected ... but the biggest
problem is that the TOPANGA virus can be spread through the AC
Power Distribution Network ... Relay should be okay since it
uses DC Power, but the Web Hosting Replication Software seems
to be replicating the TOPANGA virus between Data Centers ...
it's possible that Customers Computers can get the virus by
HTTP and then the virus will spread to other appliances at the
customer network. After some research I found that the major
symptom TOPANGA virus infection is that the virus will remove
any Year 2000 (Y2K) compliance from the system and network
software ... while, obviously, this won't be an issue for
several months ... the longer the virus stays on the network,
more code will be affected ... there is the possibility that
this can also effect other systems attached to AC power In
order to protect the Web Hosting Network, it will be necessary
to install updated software and hardware that is protected
from the TOPANGA virus ... I STRONGLY suggest that we halt the
roll out of the IP Web Hosting Platform until this can be
resolved, probably up to a month ... please let me know if you
have any problems or questions... af

Forwarded Message
Wed, 1 Apr 1998 01:44:27 -0800
david@knd.org
cecbar@cert.com
Subject: deadly Topanga virus sighted

David, Please forward this around to some of your collegues

VIRUS ALERT Institute for Computing Standards
Portland, Oregon

The Institute for Computing Standards has issued a warning
concerning a newly discovered virus: the TOPANGA virus. The
first known virus of its kind, Topanga is capable of affecting
electronic appliances which share circuits with infected
computers. The virus can manipulate a computer's power supply
through the hard drive power connection, causing the power
supply to generate back-EMF cotangential sine waves over the
computer's 120VAC circuit. These electrical anomalies have
been designed to interfere with other electronic appliances
which share a circuit with the host PC, including not only
computer peripherals such as monitors, modems and printers,
but also digital clocks, stereo equipment, cordless
telephones, microwaves, coffee makers, etc. Topanga can
overload and burn out circuit boards on appliances; affected
boards are then useless, and can be costly to replace, so take
caution. Appliances appear to malfunction briefly, and then
will frequently emit sparks and then cease functioning.
Although no electrical fires have been attributed directly to
topanga, this is a danger.

The Topanga virus spreads itself surreptitiously through TCP
connections made during hypertext transfer protocol (HTTP)
"server push" browsing. Server push is a feature in ANSI HTML
versions 2.0 and higher; it allows a web server to notify the
client browser when a new page or new data is available.
Topanga generally replicates itself using TCP port 80 over the
Internet, although an infected http daemon (web server) can
also infect intranet computers as well. During transmission of
the virus, the host web browser typically experiences a delay
of several seconds while downloading a document during "server
push" operations (web page redirect, for example).

System adminstrators can check their web servers for existence
of the virus by searching for the file "topanga" within their
web server document directories. End users should ensure that
they are running the latest version of their virus protection
software; major anti-virus packages have already included
topanga virus definitions in the latest release of their
software.

End users who suspect that their computers may be infected
with topanga should immediately either A) unplug all
appliances which share a circuit with their computers, or B)
turn off their computers, until they install the latest
version of virus protection software (which must specifically
state that it offers protection from the "TOPANGA" virus).
After the computer is verified to be free of topanga,
appliances may be plugged back in.

Cecil Barber
cecbar@cert.com

Again, do not spread this hoax.
Back to the Top



F-Secure Corporation

Last Modified: January 01, 2006